IPNetSentry 1.2 Bans Code Red Traffic -- Sustainable Softworks has updated IPNetSentry, their personal firewall and network security software (see "Macworld SF 2001 Trend: Personal Firewalls" in TidBITS-564 for more information on personal firewalls). New in IPNetSentry 1.2 is a feature that can detect in incoming packets patterns of data found in the Code Red-type worms that have caused such havoc for PCs running Microsoft's Internet Information Server (IIS). Although the Code Red worm can't infect or otherwise harm Macs, whether or not they're running a Web server, the traffic can impact the responsiveness of your Internet connection and fill up Web server log files. Once IPNetSentry 1.2 detects a Code Red intrusion, it blocks the originating IP address and the lack of a response causes the Code Red-infected machine to stop sending packets. As new Code Red-type worms appear, IPNetSentry users will be able to download new #set/payload_inspection commands from the Sustainable Softworks Web site and insert them in the IPNetSentry configuration file to block unwanted traffic. The IPNetSentry 1.2 update is free to registered users; otherwise IPNetSentry costs $35. It's a 1.3 MB download. [ACE]

<http://www.sustworks.com/site/prod_ipns_ overview.html>
<http://db.tidbits.com/article/06281>